add default hardening flags

Author: 2b57

profiles/features/clang/make.defaults

@@ -5,8 +5,16 @@ CXX="clang++"
 # this works with libtool
 LD="ld.lld"
 
-# some linker flags
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--as-needed"
+# linker flags
+LDFLAGS="${LDFLAGS} -fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--as-needed"
+
+# hardening flags
+SOME_HARDENING_FLAGS="-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+
+# add some hardening by default
+LDFLAGS="${LDFLAGS} -Wl,-z,relro,-z,now -pie"
+CFLAGS="${CFLAGS} ${SOME_HARDENING_FLAGS}"
+CXXFLAGS="${CXXFLAGS} ${SOME_HARDENING_FLAGS}"
 
 # use LLVM-provided binutils
 AR="llvm-ar"
@@ -21,4 +29,4 @@ READELF="llvm-readelf"
 ADDR2LINE="llvm-addr2line"
 
 # curl needed by cmake
-BOOTSTRAP_USE="$BOOTSTRAP_USE ssl curl_ssl_openssl"
+BOOTSTRAP_USE="$BOOTSTRAP_USE ssl curl_ssl_openssl"